
Creating the Connector Server

This section outlines how to create the Connector servers on RHEL/Rocky Linux and the other system requirements for installing and running the Connector.

Minimum Requirements

The following section outlines the minimum requirements for installing the Connector on Rocky Linux and RHEL. You need an operating system with the following specifications:

  • Operating System: RHEL/Rocky Linux 8.x
  • Minimum 4 GB RAM
  • 4 CPUs
  • Minimum 30 GB Storage
    • If you are using LVM and /var is mounted on a separate volume, that volume must have 30 GB or more. This is to ensure that the installation process succeeds and Anyware Connector can function at an optimum level.

Network Requirements

Once you have set up a dedicated Virtual Machine (VM) for the Connector, ensure the following environment conditions are met:

  • You must have access to the internet for an online installation. For Darksite installation, see Installing the Connector on RHEL/Rocky Linux - Darksite Installation.
  • The virtual machine must have port TCP 443 and ports TCP/UDP 4172 enabled. See Firewall Load Balancing Considerations for additional port and firewall information.
  • You must have console access to the virtual machine using SSH.
  • The server must be able to resolve the AD domain.
  • You must have superuser (sudo) privileges on the virtual machine.
  • The networking configuration of the server (including the IP address) must not change while the Connector is operational.

Firewall Configuration

Before you configure the firewall, ensure the following conditions are met:

  • The Virtual Machine must have port TCP 443 and TCP/UDP 4172 enabled in its firewall rules.
  • firewalld is configured properly for the virtual network inside the VM, so that Anyware Connector can run within the Virtual Machine.
    • You can check whether firewalld is running with the following command:
      sudo systemctl status firewalld
      
      If the firewalld status is 'active', run the commands below to configure the firewall correctly. If the firewalld status is 'inactive' and your organization does not require a firewall on the Anyware Connector VM, skip the step below.

Commands to configure the firewall:

sudo firewall-cmd --permanent --add-port=6443/tcp # virtual network flannel
sudo firewall-cmd --permanent --add-port=4172/tcp # PCoIP SG port
sudo firewall-cmd --permanent --add-port=4172/udp # PCoIP SG port
sudo firewall-cmd --permanent --zone=trusted --add-source=10.42.0.0/16 # This subnet is for the pods
sudo firewall-cmd --permanent --zone=trusted --add-source=10.43.0.0/16 # This subnet is for the services
sudo firewall-cmd --reload

Disable Swap

Connector is built on K3s, and it is strongly recommended to disable swap on a Linux system to avoid memory issues in a production environment.

You can do the following to disable swap:

  • If this is a new install and you want to disable swap permanently on the Connector server:
    • Edit the /etc/fstab file and add '#' in front of any line that contains the word 'swap'.
  • If you have an existing Connector that is running into memory issues, run the following command to disable swap immediately. (This is not retained after a system reboot.)
    • sudo swapoff -a

If swap is required for any reason, it should be greater than or equal to the size of the RAM. There is no guarantee that it works, so it is strongly recommended to disable it.
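
The following script is an added example, not part of the vendor's documentation. It audits a Connector VM against the firewall commands and the swap guidance above. The function names and the --live switch are assumptions of this example; without --live it only evaluates a constructed sample.

```bash
#!/usr/bin/env bash
# Added example (not vendor code): audit a Connector VM against this page's
# firewall and swap settings. Function names and --live are assumptions.
REQUIRED_PORTS="6443/tcp 4172/tcp 4172/udp"
REQUIRED_SOURCES="10.42.0.0/16 10.43.0.0/16"

# Print each word of $1 that does not appear in $2 (both space-separated).
missing_from() (
    out=""
    for want in $1; do
        found=0
        for have in $2; do
            if [ "$want" = "$have" ]; then found=1; fi
        done
        if [ "$found" -eq 0 ]; then out="$out $want"; fi
    done
    echo "${out# }"
)

# Print fstab lines that still enable swap at boot (uncommented, type "swap").
active_swap_entries() {
    awk '$1 !~ /^#/ && $3 == "swap"' "$1"
}

# Print swap devices in use right now, from a /proc/swaps-format file.
active_swap_devices() {
    awk 'NR > 1 { print $1 }' "$1"
}

if [ "${1:-}" = "--live" ]; then
    # Real host: firewalld rules only matter when the service is active.
    if [ "$(systemctl is-active firewalld)" = "active" ]; then
        ports=$(sudo firewall-cmd --permanent --list-ports)
        sources=$(sudo firewall-cmd --permanent --zone=trusted --list-sources)
        echo "missing ports:   $(missing_from "$REQUIRED_PORTS" "$ports")"
        echo "missing sources: $(missing_from "$REQUIRED_SOURCES" "$sources")"
    fi
    echo "swap in fstab:   $(active_swap_entries /etc/fstab)"
    echo "swap active now: $(active_swap_devices /proc/swaps)"
else
    # Constructed sample: a host where the UDP rule was never added.
    echo "missing ports:   $(missing_from "$REQUIRED_PORTS" "6443/tcp 4172/tcp 22/tcp")"
fi
```

Empty output after a label means that check passed. An entry under "swap in fstab" means swap will return after a reboot even if swapoff -a was run.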

Enabling Connections over WAN

When the Connector server is accessed from outside the domain, it should be configured for external access. This step is only required if you want to enable remote access to the workstations without requiring a VPN.

To enable external PCoIP connections:

  • The remote server should have a public IP address. This can be done via bi-directional NAT mapping. During the installation, use the --external-pcoip-ip flag to set the IPv4 address of the Connector for external connections.
  • By default, --enable-security-gateway is set to true, which forces all sessions to go through the Security Gateway so that external users can connect to their workstations. If your environment consists of internal users, the Security Gateway can be disabled by passing --enable-security-gateway=false.

Verifying the Connector Server

To verify your Connector server network configuration, SSH into the machine and ping the domain and a remote workstation in the domain. You should get a successful response from both attempts:

ping <domain FQDN>
ping <remote workstation FQDN>

DNS and Name Resolution

You must ensure that you can resolve your AD domain and controller. For information on how to install and edit resolve.conf, and configure DNS name resolution, see Configuring DNS Name Resolution.